Robert Mukiibi Email and Phone Number

Ensuring the DHSC’s compliance with Data Protection and Freedom of Information legislation, nurturing a strong governance culture, and acting in an advisory role to both colleagues in the DHSC and members of the public.• Monitor and ensure the DHSC’s compliance with Data Protection (GDPR) legislation.• Assist with the development and implementation of the Information Governance (IG) Framework.• Act as the GDPR & Freedom of Information (FOI) Coordinator, advising and reporting on these matters directly to the Chief Officer• Responsible for handling of FOI requests and use of the FOI iCasework Management System for reporting.• Act as the point of contact with the Information Commissioner’s Office for matters relating to GDPR & FOI including the DHSC’s, and its statutory bodies’ registration.• Monitor and oversee the processing of DSARs.• Provide advice and guidance to Executive Directors and Senior Officers on the production and review of Data Protection Impact Assessments (DPIA), Data Processing & Sharing agreements.• Develop and support a culture of high-quality IG practices, drafting Policies, Standards and Guidance documents.• Manage any data breaches and security incidents and reporting to the Information Commissioner’s Office when considered necessary.• Lead on training for staff in relation to GDPR & FOI and monitor compliance with mandatory training.• Facilitate the completion and on-going monitoring of the Record of Processing Activities.• Assist members of the public in relation to GDPR & FOI matters.• Ensure that the retention schedule is regularly reviewed and adhered to.• Maintain appropriate Records Management Processes as well as liaising the Public Records Office for permanent records preservation.

● Responsible for supporting Health and Care Transformation Programme - IG Project (“the project”) which is part of a whole systems approach based in Manx Care● Supporting the implementation and the assurance of the IG projects within the programme, ● Providing specialist knowledge and expertise and supporting improved awareness of IG across Manx Care so that staff understand its benefits, ● Enable culture change and embedding IG into staff day to day working practices and improve patient safety, quality and care.● Supporting the assurance of the Data Security and Protection Toolkit to be completed and submitted on time in line with NHS requirements with all supporting evidence available for audit review.● Provision of IG expertise, identifying best practice and making recommendations for local implementation.● Responsibility for specific areas of IG mainly Data Protection, Caldicott, Confidentiality, Information Risk management and IG Management.● Provision of knowledge and support to the SIRO, Caldicott Guardian, Information Asset Owners, Care Group Heads, and Directors relating to the application of nformation Governance principles and processes relating to the security, integrity and confidentiality of patient and staff information.● Responsible for monitoring Manx Care’s IG performance and recommending appropriate action to ensure best practice at all times.● Delivery of the IG agenda. This involves the on-going review and development of Manx Care’s IG policy and strategy, ensuring that any action plans, policies and procedures are fully implemented.● Undertaking and complete IG risk related activities, audits, and assessments as may be informed by the project, Manx Care and Its business needs.● Preparation, drafting, review and completion of relevant IG accountability related documentation such as Data Processing/Information Sharing Agreements, Data Protection Impact Assessments and Contracts.

● Leading the Trust’s Information Governance team ensuring that the evolving Trust’s Information Governance Agenda;● Establishment, delivery and oversight of the Trust’s Information Governance (IG) Strategy;● Monitoring and delivery of agreed actions to achieve the Trust’s Information Governance Strategy;● Developing, analysing and maintaining IG standards and practice, IG systems and data sharing flows;● Supplying and ensuring expert advice and operational delivery of all areas of IG;● Supporting the Trust’s Caldicott Guardian and SIRO with the implementation of policies and procedures to ensure that the Trust is compliant with Caldicott requirements and relevant codes of practice;● Responsibility for the Trust’s compliance with requests for information;● Maintaining a database of information sharing agreements via the NHS Data Controller Console (DCC);● Acting Data Protection Officer and deputise for the SIRO when needed;● Investigating data protection complaints and drafts responses as the Data Protection Officer.

● Working directly under the Associate Director of Information Governance;● Brought in to support the effective delivery of a number of digitally led / enabled transformational integrated care programmes; ● Closely worked with the Programme Teams and a range of partner organisations to ensure that new activities are developed in line with a ‘privacy by design and default’ approach;● Working on Risk Assessments of Digital Products and engaging with system suppliers in mitigation and assurance of the solutions;● Undertaking initial and full Data Protection Impact Assessments (DPIA) for related projects / activities on behalf of partner organisations;● Develop robust Data Sharing Agreements and supporting arrangements for digitally led or digitallyenabled transformational activities;● Undertake detailed reviews of IG accreditation of ICS partners, suppliers of services, and ICT systems / Digital solutions as well as Inform the development of programme / project plans and other control documents.

● Leading the Trust’s Information Governance team ensuring that the evolving Trust’s Information Governance Agenda;● Ensuring that the Trust’s systems and information collection processes are aligned to the Data Protection and Security Toolkit (DSPT), ISO 27001/2 and compliant to the Data Protection Act 2018, UK GDPR as well as other regulatory frameworks;● Leading on the provision of expert advice to other departments on Data Protection and Information Assurance; ● Co-ordinating the Trust’s Information Governance Steering Committee including agenda setting;● Attending local, regional and national information governance meetings on behalf of the Trusts and translating back any relevant developments and issues to the Trust; ● Leading the Trust’s compliance with all DSPT standards and ensure resulting action plans are robustly articulated, monitored, appropriately escalating and prioritising areas of risk. Achieved timely DSPT Submission with Standards Exceeded;

● Led on the development and implementation of information governance strategy for the Trust;● Delivered a local process and implementation of the National Data Opt-Out Policy;● Managed Information Governance Risks;● Was responsible for Data Protection and Confidentiality;● Delivered Data Protection Impact Assessment (DPIA and Data Sharing Agreements);● Supported for Caldicott Guardian, SIRO, and Information Governance Team;● Caldicott / Confidentiality Code of Practice● Delivered assurance of the evidence items for the annual submission of Dept; of Health mandated Data Security and Protection Toolkit (DSPT) returns;● Worked with External Auditors on the organisation’s DSPT Submission;● Was responsible for ensuring good practice in third party contract assurances on data handling, contract security and asset ownership;● Led on investigations into data security breaches and reporting to external organisations e;g; Information Commissioners Office (ICO);● Managed the Information Governance “Business As Usual” process;

● Worked alongside Information Governance Manager / Data Protection Officer in the Information Governance work programme, to ensure compliance with the requirements of the DSP Toolkit and other national standards, guidance and legislation;● Worked with all staff groups to raise awareness of Information Governance throughout the organisation, by coordinating training and awareness events and ensured that all staff are aware of their responsibilities and adhere/comply with the relevant policies; achieved 99% pass rate on staff face-to-face training which includes Caldicott Principles, Data Protection Act and IG Policies;● Identified gaps in meeting the requirements of the DSP Toolkit and ensured that potential weaknesses identified by the Toolkit are incorporated into an action/development Plan and addressed at the earliest opportunity;● Assisted the Information Governance Lead with the development of a process of internal audit against the DSP Toolkit standards and provide a report to the Information Governance group meetings as and when required;● Assisted and advised staff on the completion of Data Protection Impact Assessments (DPIAs) and Research Protocols with particular focus on IT security;● Coordinated and supported information governance incident investigations where required, including assisting staff with investigations and producing investigation reports;● Advised staff on data processing/sharing and drafted relevant data processing/sharing agreements with third parties for approval by the Chief Information Officer and Caldicott Guardian;● Supported the Data Protection Officer in providing assurance to the Trust Board on Information Governance issues;